The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to focus its review of compliance with data protection laws on the health services sector, as well as on the consumer sector, with particular attention to certain profiling activities taking place in stores and shopping malls.
With cybersecurity issues evolving rapidly, every minute counts. Our new video series, Your Cyber Minute, is specifically designed for busy in-house counsel to gain practical perspectives – fast. This multi-part series is an extension of our Ready, Set, Respond resource portal and highlights today’s hottest topics in cybersecurity. To watch in real time, follow us on LinkedIn and Twitter, where we post a new video on Monday and Thursday.
The two installments we’ve released so far feature cybersecurity practice lead and partner Harriet Pearson speaking with:
- Former financial crimes enforcement lawyer and Hogan Lovells partner Greg Lisa about the NY Department of Financial Services’ (NY DFS) proposed cybersecurity regulations
- Hogan Lovells Cyber Risk Services managing principal Jeff Lolley about major cyber threats facing organizations in 2017
Tune in to get the latest on what you need to know and how to be better prepared.
Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.
The UK data protection regulator (the “ICO”) has for some time been actively enforcing against organisations that buy individuals’ personal data for direct marketing purposes without first conducting appropriate due diligence to ensure that those individuals have adequately consented to receiving marketing communications.
On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things (IoT). The Green Paper is expansive in scope, reflecting the broad range of issues raised in comments submitted by stakeholders in the private sector, academia, government, and civil society following NTIA’s April 2016 request for public comment. The Green Paper identifies key issues, and provides recommendations and assessments on the potential benefits and risks that IoT portends. The NTIA identifies cybersecurity, privacy and cross-border data flows as the most significant policy issues. It also proposes four principles for future policy engagement in which the Department would play a central role in creating conditions that would foster IoT growth. The agency also requested additional comments on the issues raised by the Green Paper.
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June 2017.
On 7 February 2017, the Russian President signed into law a bill (link in Russian) introducing amendments to the Russian Code on Administrative Offences that increase the fines imposed for violating Russian data protection laws and differentiate between the types of offence. The greatest increase raises maximum fines for certain violations from RUB 10,000 to 75,000 (approx. USD 170 to 1,260). The law will come into force on 1 July 2017.
On 1 February 2017, the German federal cabinet adopted a draft data protection bill. The planned implementation statute aims to supplement and further define the EU General Data Protection Regulation, which will come into force in 2018. The Chronicle of Data Protection’s summary of the most relevant aspects of the draft bill can be found here. We turn now to a preliminary assessment and explanation of the proposed bill, provided by German Data Protection and Freedom of Information Officer Dr. Stefan Brink, European Parliament member Jan Albrecht, and Hogan Lovells partner Tim Wybitul.
Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to implement new domestic requirements and engage internationally on cross-border data transfers, APEC, new technologies, and more.
Hogan Lovells recently hosted some of Japan’s senior data privacy regulators and advisors for a special briefing in our Washington, D.C. offices. Click here for our summary of the insights they shared on the amended law and how companies doing business in Japan should prepare to comply when the changes take effect in May 2017.
On January 23, 2017, fourteen months after hosting a workshop to review the multi-device, multi-platform digital landscape, the FTC issued a staff report on cross-device tracking. The report summarizes the FTC’s 2015 workshop on cross-device tracking and provides a set of related recommendations. The report’s recommendations for cross-device tracking echo the FTC’s guidance and enforcement priorities for other online practices—transparency, choice, affirmative consent for sensitive data collection, and reasonable security. The report also echoes themes from the FTC’s 2009 Self-Regulatory Principles for Behavioral Advertising report. Commissioner Maureen Ohlhausen noted in a concurring statement that the new guidance “does not alter the FTC’s longstanding privacy principles but simply discusses their application in the context of a new technology.”
In this post, we look at the FTC’s previous advice on cross-device tracking, key takeaways from the FTC report, and how the guidance aligns with the Digital Advertising Alliance’s (DAA) self-regulatory principles for cross-device tracking, which become enforceable on February 1, 2017.
Please join us for our February 2017 Privacy and Cybersecurity Events.
|January 31-February 1||